Mobile software that meddles with your sensitive info must have privacy polices and must display them clearly, California's Attorney General Kamala Harris declared yesterday in a statement agreed by all major app sellers.

Under the new rule, anyone downloading a program from Apple, Android, RIM, Windows, HP or Amazon stores should be presented with an app privacy policy that reports what personal information the software will slurp and how it will be used. Apps that don't use personal data don't have to present a policy.

The move comes after reports that only 5 per cent of apps have privacy policies and popular titles were caught snatching contact lists and unique phone IDs, location, age, gender and even key taps. Harris expressed the hope that the joint statement will bring developers in line with California's laws on digital privacy.

It will also have a ripple-out effect for anyone outside California as app stores are global, and will bring the issue to the attention of federal law-makers.

"This agreement strengthens the privacy protections of California consumers and of millions of people around the globe who use mobile apps," Harris said in a statement. "By ensuring that mobile apps have privacy policies, we create more transparency and give mobile users more informed control over who accesses their personal information and how it is used."

Apps that fail to meet the new guidelines will be fined at a rate of up to $5,000 per user, said Harris at a conference reported by the LA Times. Users will get new tools to report apps that breach privacy regulations and a review will be held in 6 months' time.

The new app privacy agreement doesn't change what apps can or can't do, but does make punters aware of what's happening in their phone. However watchdogs argue that privacy policies - often weighed down in small print - are not the best way to inform consumers.

"This is an improvement from the current Wild West that is the mobile market," said John M Simpson of the Californian Consumer Watchdog Privacy Project. He added:

But trying to decipher what’s going on through a privacy policy written by lawyers, paid by the word to obfuscate can be extremely frustrating. It’s even more difficult on small hand-held devices. We need a simple, persistent way to send a message that a user doesn’t want to be tracked. We need Do Not track legislation.

The move to stop browsers tracking user activity - nicknamed the Do Not Track debate - has raged on at PC level - this brings that argument into the mobile space.

Apple and Google host approximately 1 million mobile applications, up from just 600 in 2008. ®